Traditional face recognition systems operate by capturing and storing information that describes the unique characteristics of a person's face (constituting enrollment-phase face information). When the user later seeks access to a protected resource, the recognition system captures verification-phase face information, and then compares the verification-phase face information with the stored enrollment-phase face information. The recognition grants access to the protected resource when the enrollment-phase face information matches the verification-phase face information.
While the use of face recognition systems is becoming more prevalent, these systems remain vulnerable to spoofing attacks. For example, some traditional face recognition systems operate by extracting pose-invariant features pertaining to a user's face, such as the pose-invariant distances between various landmarks on the user's face. There remains a risk that a malicious actor can gain access to protected resources by presenting a photograph or three-dimensional bust to such a face recognition system, where that photograph or bust duplicates the appearance of an authorized user. The industry has countered this threat by using various liveness tests for discriminating between a live human user and a simulation thereof. But it remains at least theoretically possible for a malicious actor to spoof even these liveness tests. For example, if a recognition system makes verification conditional on the user performing successive actions, a malicious actor can successively present photographs or busts which provide static “snapshots” of these actions.